tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat Realm Auto-Relogin after Session-Timeout Problem
Date Wed, 11 Feb 2009 13:29:07 GMT
Hash: SHA1


Please keep all discussions on the list.

On 2/11/2009 8:08 AM, wrote:
> First, I did what you suggested and set a Key value pair in the
> session map. in the login phase im trying to read this value to see
> if the user is coming from the loginpage.

You won't really be able to tell if the user is "coming" from the login
page. The best you can do is to detect that the session is not in a
proper state - by checking for some key in the session. I'm just trying
to be clear.

> The problem now seems to be, that i write the session key too late
> and my lookup happens to early which means that in the lookup moment
> the key never is set.

You have to do your checking in a Filter so that it occurs /before/ the
servlet handles the request. Otherwise, you'd have to re-write a LOT of
your application to check for proper session state before doing whatever
it is your servlet needs to do.

> We write the session keypair in that moment when we load the userdata
>  which is pretty close after the login form.

Exactly where?

> We try to read the value in the SessionTimeoutFilter. But in this
> filter, the Key is never set. By the way , we're using JSF(RI) and
> Orchestra.core v1.2. Maybe this frameworks are involved in our
> problem im not sure....

It's possible that the framework is interfering, but unlikely. Can you
send the code for your SessionTimeoutFilter as well as the configuration
from web.xml for /all/ of your filters? Remember to remove any sensitive

- -chris
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message